Read: Cyber attack compromises U.K. pension plan members’ personal information
Indeed, the coronavirus pandemic shone a light on the need for online data maintenance in Canada, as companies sought to collect more thorough information, Kennedy adds. As plan sponsors gather more data about members’ behaviour regarding savings, plan participation or investments, she believes they’re increasingly recognizing the responsibility that comes with handling all of this information and the potential harm in mishandling modern data pools.
“Today a Canadian insurance company would be able to collect salary data, birth date data, data from outside of the retirement plan [and] data on the [member’s] spouse — basically, a comprehensive profile of a person — and use that data to nudge that person in one direction or another.”
Plan sponsors are enhancing policies around cybersecurity risk to protect plan members, but there’s still a long road ahead. Kennedy says more instructions are needed about distinction in responsibility and she anticipates more provinces will step up with “improved and enhanced privacy legislation.”
Read: OSFI’s draft pension cybersecurity standard…
